A critical out-of-bounds write vulnerability in RTKLIB could allow unauthenticated attackers to achieve arbitrary code execution through malicious data streams.

The vulnerability exists in the decode_type1033 function, which fails to validate the length of input data against the destination buffer size. An unauthenticated attacker providing a malicious NTRIP or serial RTCM3 stream can trigger an overflow to corrupt memory.

This flaw carries a CVSS score of 9.8, indicating the highest level of risk. Exploitation could allow an attacker to gain full control over the system processing the RTCM3 stream, leading to service disruption or unauthorized access to critical geolocation infrastructure.

Immediate Action: Update RTKLIB to the latest patched version that includes proper bounds checking for the decode_type1033 function.

Proactive Monitoring: Monitor systems processing RTCM3 streams for unexpected crashes or abnormal memory usage patterns in the RTKLIB service.

Compensating Controls: Isolate systems running RTKLIB on segmented networks and restrict access to input streams to trusted, authenticated sources only.

Public Exploit Available: Unknown

The severity of this memory corruption vulnerability necessitates immediate attention. Administrators must verify their software versions and apply updates to prevent the risk of remote code execution in critical positioning and navigation environments.